MDKSA-2001:057

Package name

proftpd

Date

2001-06-20

Advisory ID

MDKSA-2001:057

Affected versions

Problem description

CERT released an advisory regarding the incorrect management of buffers
in various FTP servers that can lead to a remote intruder executing
arbitrary code on the FTP server. This incorrect management of buffers
is due to the return from the glob() function.
ProFTPD is not affected by this vulnerability on the Linux platform, and
it also uses the GNU glob() function, which is not vulnerable.
The minimum recommended version of ProFTPD, from the ProFTPD team, is
1.2.0rc3 due to security problems in older versions.